<HTML>
<!-- =====================================================================

  File:      usp_OrdersDetailsPage.htm for Adventure Works Cycles Storefront Sample
  Summary:   Self-documentation for application
  Date:	     June 16, 2003

=====================================================================

  This file is part of the Microsoft SQL Server Code Samples.
  Copyright (C) Microsoft Corporation.  All rights reserved.

This source code is intended only as a supplement to Microsoft
Development Tools and/or on-line documentation.  See these other
materials for detailed information regarding Microsoft code samples.

THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
PARTICULAR PURPOSE.

======================================================= -->
    <head>
        <title>Adventure Works Cycles Store Documentation</title>
        <link rel="stylesheet" href="style.css">
    </head>
    <BODY>
        <h1>
            OrderDetails.aspx Page
        </h1>
        <P>
            <strong>Description:</strong> &nbsp;The OrderDetails page displays a detailed 
            list of all items placed within a specific Adventure Works Cycles order.&nbsp;
        </P>
        <p>
            <strong>Implementation Notes:</strong>&nbsp; This page appears when a user 
            clicks the "Show Details" link for a specific order from the OrderList.aspx 
            page.&nbsp; The OrderID of the product to display is passed to the page as a 
            URL querystring argument (ie: "OrderDetails.aspx?OrderID=99").&nbsp; Please 
            review the <A href="OrderList_aspx.htm">OrderList.aspx</A>&nbsp; page to see 
            how this argument is added when constructing the hyperlink to this page.
        </p>
        <p>
            Access to the OrderDetails.aspx page limited to authorized users only, per the 
            configuration system.&nbsp; The OrderDetails page logic is encapsulated 
            entirely within its&nbsp;<strong>Page_Load</strong>&nbsp;event handler.&nbsp; 
            This event handler is called when the page is accessed by a browser 
            client.&nbsp;
        </p>
        <p>
            <strong>Configuration Details:&nbsp;</strong>&nbsp;The OrderDetails.aspx page 
            has been configured to deny access to all non-authenticated customers of the 
            Adventure Works Cycles application.&nbsp; This is accomplished by adding an authorization 
            entry within the Adventure Works Cycles's <A href="Web_config.htm">Web.config</A>&nbsp;file:
        </p>
		<p>
			&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">location</font> <font color="#2040a0">path=</font><font color="#444444">&quot;OrderDetails.aspx&quot;</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">system.web</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">authorization</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">deny</font> <font color="#2040a0">users=</font><font color="#444444">&quot;?&quot;</font> <font color="#2040a0">/</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">/authorization</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">/system.web</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">/location</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
         </p>
        <p>
            The above entry explicitly denies anonymous user access to the 
            OrderDetails.aspx URL (in the configuration entry above, the "?" stands for 
            "anonymous users").&nbsp; When a non-authenticated user attempts to access this 
            page, the built-in ASP.NET forms-based security system will automatically 
            redirect them to a configured login page.&nbsp; The Adventure Works Cycles configuration entry 
            below specifies that the Login.aspx page will be the designated login page for 
            this application:
        </p>
        <P>
		&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">system.web</font><font color="4444FF"><strong>&gt;</strong></font></strong></font><BR/>
        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#008000">&lt;!-- enable Forms authentication --&gt;</font><BR/>
        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">authentication</font> <font color="#2040a0">mode=</font><font color="#444444">&quot;Forms&quot;</font><font color="4444FF"><strong>&gt;</strong></font></strong></font><BR/>
        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">forms</font> <font color="#2040a0">name=</font><font color="#444444">&quot;AdventureWorksStoreAuth&quot;</font> <font color="#2040a0">loginUrl=</font><font color="#444444">&quot;login.aspx&quot;</font> <font color="#2040a0">protection=</font><font color="#444444">&quot;All&quot;</font> <font color="#2040a0">path=</font><font color="#444444">&quot;/&quot;</font> <font color="#2040a0">/</font><font color="4444FF"><strong>&gt;</strong></font></strong></font><BR/>
        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">/authentication</font><font color="4444FF"><strong>&gt;</strong></font></strong></font><BR/>
        &nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">/system.web</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
        </P>
        <P>
            Developers are free to customize the look and feel of the login page however 
            they want, and may perform whatever manner of credential validation checks 
            necessary to validate the user (in the Adventure Works Cycles application we check 
            usernames/passwords against a database).&nbsp; After the client successfully 
            identifies themselves (ie: their username and password are correct) they are 
            redirected back to OrderDetails.aspx and granted access to the page.&nbsp; 
            Please review the <A href="Login_aspx.htm">Login.aspx</A>
        &nbsp;page to see how this is done within Adventure Works Cycles.
        <p>
            <strong>Page_Load Event Handler:&nbsp;</strong> &nbsp;The code within the 
            Page_Load event handler extracts the OrderID query string value from the URL.&nbsp; The 
            OrderDetails.aspx Page_Load event handler then utilizes this OrderID value 
            to call the GetOrderDetails method of the OrdersDB class to obtain 
            details about a specific order the customer has placed.&nbsp; This method 
            internally uses the <A href="usp_OrdersDetail.htm">usp_OrdersDetail</A>
        &nbsp;stored procedure to fetch the product&nbsp;information from the Adventure Works Cycles 
        database.
        <P>
        The specific items within the order are then displayed using an 
        &lt;asp:DataGrid&gt; control.&nbsp; Various style properties have been set on 
        the &lt;asp:datagrid&gt; to make it look nice and presentable.&nbsp; Various 
        &lt;asp:Label&gt; server controls are also then used to output aggregate 
        information about the order (total order price, ship date, order date, etc).
        <P>
    </BODY>
</HTML>
